Improper Input Validation in UEFI Firmware for Intel Processors
CVE-2024-21871

7.3HIGH

Key Information:

Vendor: Intel
Status: Uefi Firmware For Some Intel(r) Processors
Vendor: CVE Published:; 16 September 2024

What is CVE-2024-21871?

An improper input validation vulnerability exists in the UEFI firmware associated with certain Intel processors. This loophole may grant a privileged user unauthorized abilities, potentially enabling them to escalate privileges through local means. Users of affected Intel processors should be aware of this vulnerability and consider implementing recommended security measures to mitigate risks.

Affected Version(s)

UEFI firmware for some Intel(R) Processors See references

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V4

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024

JSON